Method and apparatus for a robust high-speed cryptosystem

Abstract

A cryptographic information and communication system of the knapsack type characterized by secret logical segregation of the key sets into sections by different construction methods, where different transformations are applied to different sections, and characterized by non-constant number of subset sum solutions to ciphertext, where resolution protocols are employed when necessary to resolve non-unique subset sum solutions at the decryptor.

Claims

I claim:

1. A cryptographic method comprising the steps of:

providing a plurality of key section construction methods;

deriving a decryption key including a decryption key set of identifiables logically segregated into sections, each said section generated by one of a plurality of construction methods and said segregation is kept secret;

deriving from said decryption key an encryption key, each section of said decryption key set is transformed to a corresponding section of said encryption key set and at least two said sections are transformed under different transformation methods, and previously generated and transformed sections are transformed together with the currently generated section;

accepting a message in the form of an input sequence of integers;

converting said encryption key set to a key vector and converting said input sequence of integers to at least one data vector having the same dimensions as said key vector;

generating ciphertext by computation that includes calculating the inner product of each of said data vectors with said key vector;

accepting a ciphertext; and

decrypting said ciphertext to recover said message.

2. A cryptographic method as in claim 1 further comprising the steps of:

deriving the decryption key including a decryption fuzzy residue set;

deriving a fuzzy residue mapping whereby elements of said decryption key set and elements of said decryption fuzzy residue set are associated for decryption;

deriving from said decryption key the encryption key including an encryption fuzzy residue set from said decryption fuzzy residue set, inheriting said fuzzy residue mapping whereby elements of said encryption key set and elements of said encryption fuzzy residue set are associated for encryption;

generating the ciphertext by computation that includes applying fuzzy residues determined by the values of the integers of said data vectors and in accordance with said fuzzy residue mapping; and

decrypting said ciphertext including the removal of fuzzy residues from said ciphertext in accordance with said fuzzy residue mapping to recover said message.

3. A cryptographic method as in claim 1 which securely communicates data from a first party S to a second party R comprising the steps of:

deriving cryptographic keys at party R comprising:

deriving the decryption key to be kept secret at party R, wherein decoding by said decryption key produces one or more solutions for valid ciphertext and detects invalid ciphertext or noise; and

deriving from said decryption key the encryption key, wherein said encryption key produces a same ciphertext from different data bits;

distributing said encryption key from party R to party S;

receiving said encryption key at party S;

accepting a message at party S;

generating the ciphertext from said message using said encrption key;

transmitting said ciphertext from party S to party R over a communication channel;

receiving said ciphertext at party R; and

decoding said ciphertext at party R to obtain all possible decodes and to recover said message through the identification of valid decodes or through the elimination of any and all invalid decodes by means of a resolution method.

4. A resolution method as in claim 3, used in the decryption of ciphertext having unremovable fuzziness that is encrypted from a message by a first party S and sent from party S to a second party R, for eliminating sets of invalid decodes due to said unremovable fuzziness observing a non-negative integer threshold value, wherein said elimination terminates when the number of sets of invalid decodes falls below said threshold, and wherein said parties adopt a one-way characteristics function H for each cycle of the resolution method by either pre-agreement or by interactive agreement, comprising at least one cycle of the steps of:

generating a random bit sequence s of length zero or more at party R;

transmitting from party R to party S over a communication channel said random bit sequence s and p, the specification of a portion of said message;

receiving s and p at party S;

blending s with the portion of said message specified by p at party S to obtain a blended result b;

calculating at party s characteristics h=H(b);

transmitting h from party S to party R over said communication channel;

receiving h at party R; and

repeating at party R for each set of decodes C the steps of:

blending s with the portion of C corresponding to the portion of said message specified by p to obtain a blended result b';

calculating at party R characteristics h'=H(b'); and

discarding C if h' does not equal h.

5. A cryptographic method as in claim 1 which securely communicates data from a first party S to a second party R comprising the steps of:

extending said data into a set of public keys at party S;

communicating from party S to party R said extended form of said data over a communication channel; and

executing a secure protocol between party S and party R whereby party R extracts said data from its said extended form.

6. A cryptographic method as in claim 5 wherein said data are extended into encryption keys e.sub.1, e.sub.2, . . . , e.sub.n (n.gtoreq.1), each of which can have one or more different corresponding decryption keys d.sub.i1, d.sub.i2, . . . , d.sub.im (m.gtoreq.1), whereby d.sub.i1, d.sub.i2, . . . , d.sub.im corresponding to e.sub.i give different decipherment to ciphertext produced by e.sub.i comprising the steps of:

extending said data at party S into a set of public encryption keys e.sub.1, e.sub.2, . . . , e.sub.n ;

communicating e.sub.1, e.sub.2, . . . , e.sub.n from party S to party R over a communication channel; and

executing a secure protocol between party S and party R whereby party R encrypts using each of e.sub.1, e.sub.2, . . . , e.sub.n and party S uses d.sub.ik, for some k wherein 1.ltoreq.k.ltoreq.m, for decryption in said protocol, and whereby party R extracts said data from its said extended form.

7. A cryptographic method as in claim 5 which securely communicates data from a first party S to a second party R comprising the steps of:

accepting the message in the form of a bit sequence at party S;

converting said bit sequence to n numbers a.sub.1, a.sub.2, . . . , a.sub.n formed by inserting a one bit as the most significant bit to n consecutive variant size bit subsequences of said bit sequence at party S, wherein said sizes are randomly selected;

deriving the decryption key to be kept secret at party S including at least n unique or near-unique sets D.sub.1, D.sub.2, . . . , D.sub.n as extended decryption key sets corresponding to said n numbers, wherein at least one of the elements in each said extended decryption set is a tangible;

deriving from said decryption key the encryption key at party S by transforming said extended decryption key sets D.sub.i to extended encryption key sets E.sub.i for 1.ltoreq.i.ltoreq.n, wherein one of the tangibles in each extended decryption set D.sub.i is transformed to the corresponding number a.sub.i ;

distributing said encryption key from party S to party R;

performing at least one cycle of the following steps until each and all a.sub.i in E.sub.i, for 1.ltoreq.i.ltoreq.n, are identified by party R via the identification of all elements in E.sub.i that are not a.sub.i ;

generating the ciphertext at party R comprising:

generating random vectors of integers V.sub.i corresponding to E.sub.i for 1.ltoreq.i.ltoreq.n; and

generating ciphertext s.sub.i by computation that includes calculating the inner product of V.sub.i and E.sub.i for 1.ltoreq.i.ltoreq.n;

transmitting said ciphertext from party R to party S over a communication channel;

receiving at party S said ciphertext and recognizing in said s.sub.i the presence or absence of a.sub.i into which said tangible in corresponding D.sub.i is transformed for 1.ltoreq.i.ltoreq.n;

reporting, via said communication channel, said recognition of the presence or absence by party S to party R; and

identifying at party R, in response to said reporting, elements in E.sub.i that are not a.sub.i for 1.ltoreq.i.ltoreq.n; and

reassembling and reconstructing said message at party R.

8. A cryptographic method as in claim 1 for information and communication security with the inseparable operation of secure exchange of encryption keys and proper mutual identification and authentication between a first party X and a second party Y comprising the steps of:

generating at party X public identification encryption key K.sub.xip, private identification decryption key K.sub.xis, public encryption key K.sub.xp, and private decryption key K.sub.xs of party X;

generating at party Y public identification encryption key K.sub.yip and private identification decryption key K.sub.yis public encryption key K.sub.yp, and private decryption key K.sub.ys of party Y;

establishing a communication channel between said parties initiated by party X;

transmitting from party X to party Y over said communication channel K.sub.yip (K.sub.xp);

receiving K.sub.yip (K.sub.xp) at party Y with a timeout t;

obtaining K.sup.1.sub.xp at party Y through decryption:

K.sup.1.sub.xp =K.sub.yis (K.sub.yip (K.sub.xp))

constructing at party Y a challenge packet K.sup.1.sub.xp (K.sub.xip (.beta..multidot.K.sub.yp .multidot.C.sub.y)), where C.sub.y is a challenge generated by party Y, and .beta.=H(K.sup.1.sub.xp .multidot.C.sub.y) for some one-way characteristics function H and .multidot. denotes some appropriate mixing or concatenating function;

sending from party Y to party X over said communication channel K.sup.1.sub.xp (K.sub.xip (.beta..multidot.K.sub.yp .multidot.C.sub.y));

receiving with said timeout t and decrypting K.sup.1.sub.xp (K.sub.xip (.beta..multidot.K.sub.yp .multidot.C.sub.y)) at party X:

.beta.'.multidot.K.sup.1.sub.yp -C.sup.1.sub.y =K.sub.xis (K.sub.xs (K.sup.1.sub.xp (K.sub.xip (.beta..multidot.K.sub.yp .multidot.C.sub.y)));

testing at party X if .beta.' equals H(K.sub.xp .multidot.C.sup.1.sub.y) and failing and aborting the identification/authentication process if .beta.' does not equal H(K.sub.xp .multidot.C.sup.1.sub.y);

constructing at party X a challenge packet K.sup.1.sub.yp (K.sub.yip (.gamma..multidot.R.sub.x .multidot.C.sub.x)), where C.sub.x is a challenge by party X, R.sub.x is the reply by party X to party Y in response to C.sup.1.sub.y, and .gamma.=H(K.sup.1.sub.yp .multidot.C.sub.x);

sending from party X to party Y over said communication channel K.sup.1.sub.yp (K.sub.yip (.gamma..multidot.R.sub.x .multidot.C.sub.x));

receiving with said timeout t and decrypting K.sup.1.sub.yp (K.sub.yip (.gamma..multidot.R.sub.x .multidot.C.sub.x) at party Y:

.gamma.'.multidot.R.sup.1.sub.x .multidot.C.sup.1.sub.x =K.sub.yis (K.sub.ys (K.sup.1.sub.yp (K.sub.yip (.gamma..multidot.R.sub.x .multidot.C.sub.x))));

testing at party Y if .gamma.' equals H((K.sub.yp .multidot.C.sup.1.sub.x) and if R.sup.1.sub.x equals R.sub.x, and failing and aborting the identification/authentication process if either .gamma.' does not equal H((K.sub.yp .multidot.C.sup.1.sub.x) or R.sup.1.sub.x does not equal R.sub.x, where R.sub.x is the expected reply based on C.sub.y ;

sending a reply packet K.sup.1.sub.xp (K.sub.xip (R.sub.y)) from party Y to party X over said communication channel, where R.sub.y is the reply by party Y to party X in response to C.sup.1.sub.x ;

receiving and decrypting K.sup.1.sub.xp (K.sub.xip (R.sub.y)) at party X:

R.sup.1.sub.y =K.sub.xis (K.sub.xs (K.sup.1.sub.xp (K.sub.xip (R.sub.y))))

testing at party X if R.sup.1.sub.y equals R.sub.y and failing and aborting the identification/authentication process if R.sup.1.sub.y does not equal R.sub.y, where R.sub.y is the expected reply based on C.sub.x ;

failing and aborting the identification/authentication process whenever

1) said timeout t expires, or

2) any decryption fails; and

providing further protection and security to communication and data transfer with encryption using K.sup.1.sub.xp =K.sub.xp and K.sup.1.sub.yp =K.sub.yp.

9. An identification/authentication method as in claim 8 adapted for use in a cryptographic system that employs a block cipher as its cryptor, at least one time sensitive transmission block from party X is separated into m>1 portions, p.sub.1, p.sub.2, . . . , P.sub.m, according to a defined or agreed upon method of separation and sent from party X to party Y with a pause .alpha..sub.j after transmitting each p.sub.j, for 1.ltoreq.j<m where .SIGMA..alpha..sub.j +d.gtoreq.t and .SIGMA..alpha..sub.i +d<t for 1.ltoreq.i<m-1 and d being the maximum expected delay for the transmission, and at least one time sensitive transmission block from party Y is separated into n>1 portions, q.sub.1, q.sub.2, . . . , q.sub.n, according to a defined or agreed upon method of separation and sent from party Y to party X with a pause .beta..sub.j after transmitting each q.sub.j, for 1.ltoreq.j<n where .SIGMA..beta..sub.j +d.gtoreq.t and .SIGMA..beta..sub.i +d<t for 1.ltoreq..beta.<n-1, party X expects q.sub.1 within t, and party Y expects p.sub.1 within t, and each of said parties reassembles said portions back to said time sensitive transmission block.

calculating at party S characteristics h=H(b);

transmitting h from party S to party R over said communication channel;

receiving h at party R; and

repeating at party R for each set of decodes C the steps of:

blending s with the portion of C corresponding to the portion of said message specified by p to obtain a blended result b';

calculating at party R characteristics h' =H(b'); and

discarding C if h' does not equal h.

10. A cryptographic method which securely communicates data from a first party S to a second party R comprising the steps of:

deriving cryptographic keys at party R comprising:

providing a plurality of key section construction methods;

deriving a decryption key to be kept secret at party R including a decryption key set of identifiables logically segregated into sections, each section generated by one of a plurality of construction methods and said segregation is kept secret;

deriving from said decryption key an encryption key, each section of said decryption key set is transformed to a corresponding section of said encryption key set, and at least two sections are transformed under different transformation methods, and previously generated and transformed sections are

transformed together with the currently generated section;

distributing said encryption key from party R to party S;

receiving said encryption key at party S;

generating ciphertext at party S comprising:

accepting a message in the form of an input sequence of integers;

converting said encryption key set to a key vector and converting said input sequence of integers to at least one data vector having the same dimensions as said key vector; and

generating ciphertext by computation that includes calculating the inner product of each of said data vectors with said key vector;

transmitting said ciphertext from party S to party R over a communication channel;

receiving said ciphertext at party R; and

decrypting said ciphertext at party R to recover said message.

11. A cryptographic method as in claim 10 which securely communicates data from a first party S to a second party R further comprising the steps of:

deriving the decryption key including a decryption fuzzy residue set to be kept secret at party R;

deriving a fuzzy residue mapping to be kept secret at party R whereby elements of said decryption key set and elements of said decryption fuzzy residue set are associated for decryption;

deriving at part R from said decryption key the encryption key including an encryption fuzzy residue set from said decryption fuzzy residue set, inheriting said fuzzy residue mapping whereby elements of said encryption key set and elements of said encryption fuzzy residue set are associated for encryption;

generating at party S the ciphertext by computation that includes applying fuzzy residues determined by the values of the integers of said data vectors and in accordance with said fuzzy residue mapping; and

decrypting said ciphertext at party R including the removal of fuzzy residues from said ciphertext in accordance with said fuzzy residue mapping to recover said message.

12. A cryptographic method comprising the steps of:

deriving a decryption key by generating a decryption key set of identifiables logically segregated into k>1 sections: ##EQU5## and a decryption fuzzy residue set with corresponding sections to K.sub.d :

G=G.sub.1 .orgate.G.sub.2 .orgate. . . . .orgate.G.sub.k

and a wrinkling set with corresponding sections to K.sub.d :

B=B.sub.1 .orgate.B.sub.2 .orgate. . . . .orgate.B.sub.k

where K.sub.d, G and B are to be kept secret and each section i, for 1.ltoreq.i.ltoreq.k is K.sub.d is generated by at least one of the following constructions:

1) standard

2) submerged

3) wrinkled

4) individually mapped

5) multiply mapped

and for a submerged section i

d.sub.i,j =2.sup.h(j-1) *m.sub.i, for 1.ltoreq.j.ltoreq.z.sub.i, where subscript i in m.sub.l is defined to be: i.tbd.i, 0.tbd.i-1, z.sub.i-1

and for a wrinkled section i

.sigma.=sum(.eta..sub..theta. * .vertline..theta..vertline.)+r

d.sub.i,j =.sigma.+.PSI..sub.i-1 (b.sub.i,j), for 1.ltoreq.j.ltoreq.z.sub.i

and for a section of any of the other types: ##EQU6## where r is a non-zero positive ranged random number, .eta..sub..theta. is the maximum applicable multiple of .theta..epsilon..THETA..sub.i-1, and .THETA..sub.i is defined to be ##EQU7## where C.sub.u,v ({.mu..sub.1, .mu..sub.2, . . . , .mu..sub.n })={C.sub.u,v (.mu..sub.1), C.sub.u,v (.mu..sub.2), . . . , C.sub.u,v (.mu..sub.n)} denotes a complementation function for the construction of the entire encryption key and C.sub.u,v (.mu.), for any number .mu., is either defined to be: ##EQU8## and g.epsilon.G is a ranged random number; deriving fuzzy residue mapping FM( ), whereby elements of said key sets are associated with elements of said fuzzy residue set, and FM( ), for a section i having at least one element individually mapped, is defined to be: ##EQU9## satisfying IM(.mu.-1)=(.mu.-1)*d.sub.i,j <IM(.mu.)+.mu.*d.sub.i,j <IM(.mu.+1)+(.mu.+1)*d.sub.i,j, where X=X.sub.1 .orgate.X.sub.2 .orgate. . . . .orgate.X.sub.k is a set of integers in the ranges of [0, 2.sup.h) input to FM( ) and x.sub.i,j corresponds to e.sub.i,j and IM(x.sub.i,j) equals the value of applied residues mapped to by x.sub.i,j,

and FM( ), for a section i having elements multiply mapped, is defined to be:

FM(X)=FM(X.sub.1 .orgate.X.sub.2 .orgate. . . . .orgate.X.sub.k)=FM(X.sub.1)+FM(X.sub.2)+ . . . +FM(X.sub.k)

where FM(X.sub.i)=SM(.SIGMA.IM(x.sub.i,j)) for 1.ltoreq.j.ltoreq.z.sub.i and IM(x.sub.i,j) equals x.sub.i,j if e.sub.i,j is mapped and equals zero otherwise, and SM(.mu.) returns .alpha.*g.sub.i,j for some integer .alpha. corresponding to the value of .mu. satisfying:

SM(.mu.-1)<SM(.mu.)<SM(.mu.+1);

deriving from said decryption key an encryption key .theta..sub.k, inheriting said fuzzy residue mapping;

generating ciphertext comprising:

accepting a message in the form of an input sequence of integers in the range of [0, 2.sup.h);

converting said encryption key set to a key vector and converting said input sequence of integers to at least one data vector X having the same dimensions as said key vector; and

generating ciphertext by computation that includes calculating the inner product of each of said data vectors with said key vector defined by:

.gamma.=K.sub.e .times.X+FM(X)

if fuzzy residues have been generated for said encryption key, and defined by:

.gamma.=K.sub.e .times.X

otherwise;

obtaining a decryption key;

decrypting said ciphertext to recover said message via decrypting each of the ciphertext block of said ciphertext, and corresponding to a standard section i of said encryption key set, the decryption is carried out according to: ##EQU10## and after obtaining all y.sub.i,j for 1.ltoreq.j.ltoreq.z.sub.i, is adjusted by: ##EQU11## and corresponding to a submerged section i, the decryption is carried out according to: ##EQU12## where .OMEGA. is the set of elements in .theta..sub.i-1 that are tranformed from said decryption key set and Y' is the decrypted {y.sub.1,1, y.sub.1,2, . . . y.sub.i-1,.mu. }, where .mu.=z.sub.1-1,

and corresponding to a wrinkled section i, the decryption is carried out according to: ##EQU13## where b'.sub.i,j is the decoded multiple of identifiable b.sub.i,j contained in .gamma.', and after obtaining q.sub.i, .gamma.' is adjusted by: .gamma.'<.gamma.'-q.sub.i *d.sub.i,1.

and corresponding to an individually mapped section i, the decryption is carried out, for j=z.sub.i down to 1, according to:

.gamma.'<.GAMMA..sub.i.sup.-1 (.gamma.')

y.sub.i,j <q,

satisfying:

FM(q-1)+(q-1)*d.sub.i,j .ltoreq.FM(q)+q*d.sub.i,j <FM(q+1)+(q+1)*d.sub.i,j

and after obtaining each y.sub.i,j, .gamma.' is adjusted by:

.gamma.'<.gamma.'-FM(y.sub.i,j)-y.sub.i,j *d.sub.i,j

and corresponding to a multiply mapped section i, the decryption is carried out, for j=z.sub.i down to 1, according to:

.gamma.'<.GAMMA..sub.i.sup.-1 (.gamma.')

y.sub.i,j <q, satisfying:

FM(q)+q*d.sub.i,j .ltoreq..gamma.'

and after obtaining each y.sub.i,j, .gamma.' is adjusted by: ##EQU14## where for the decryption of section k, the last generated section of the decryption key set, .gamma.' equals the ciphertext .gamma. to be decrypted and

.GAMMA..sub.i.sup.-1 =.GAMMA..sub.i,1.sup.-1 .degree..GAMMA..sub.i,2.sup.-1 .degree. . . . .degree..GAMMA..sub.i,t.sbsb.i.sup.-1

.GAMMA..sub.u,v.sup.- (.mu.)=C.sub.u,v.sup.-1 ((w.sub.u,v.sup.-1 *.mu.).XI.m.sub.u,v)

C.sub.u,v.sup.-1 denotes the reverse of C.sub.u,v, where C.sub.u,v.sup.-1 (.mu.), for any number .mu., is defined as: ##EQU15##

13. A cryptographic system comprising: means for providing a plurality of key section construction methods;

means for deriving a decryption key including a decryption key set of identifiables logically segregated into sections, each said section generated by one of a plurality of construction methods and said segregation is kept secret;

means for deriving from said decryption key an encryption key, each section of said decryption key set is transformed to a corresponding section of said encryption key set and at least two said sections are transformed under different transformation methods, and previously generated and transformed sections are transformed together with the currently generated section;

means for accepting a message in the form of an input sequence of integers;

means for converting said encryption key set to a key vector and converting said input sequence of integers to at least one data vector having the same dimensions as said key vector;

means for generating ciphertext by computation that includes calculating the inner product of each of said data vectors with said key vector.

means for accepting a ciphertext; and

means for decrypting said ciphertext to recover said message.

14. A cryptographic system as in claim 13 further comprising:

means for deriving the decryption key including a decryption fuzzy residue set;

means for deriving a fuzzy residue mapping whereby elements of said decryption key set and elements of said decryption fuzzy residue set are associated for decryption;

means for deriving from said decryption key the encryption key including an encryption fuzzy residue set from said decryption fuzzy residue set, inheriting said fuzzy residue mapping whereby elements of said encryption key set and elements of said encryption fuzzy residue set are associated for encryption;

means for generating the ciphertext by computation that includes applying fuzzy residues determined by the values of the integers of said data vectors and in accordance with said fuzzy residue mapping; and

means for decrypting said ciphertext including the removal of fuzzy residues from said ciphertext in accordance with said fuzzy residue mapping to recover said message.

15. A cryptographic system which securely communicates data from a first party S to a second party R comprising:

means for deriving cryptographic keys at party R comprising:

means for providing a plurality of key section construction methods;

means for deriving a decryption key to be kept secret at party R including a decryption key set of identifiables logically segregated into sections, each section generated by one of a plurality of construction methods and said segregation is kept secret;

means for deriving from said decryption key an encryption key, each section of said decryption key set is transformed to a corresponding section of said encryption key set, and at least two sections are transformed under different transformation methods, and previously generated and transformed sections are transformed together with the currently generated section;

means for distributing said encryption key from party R to party S;

means for obtaining said encryption key at party S;

means for generating ciphertext at party S comprising:

means for accepting a message in the form of an input sequence of integers;

means for converting said encryption key set to a key vector and converting said input sequence of integers to at least one data vector having the same dimensions as said key vector; and

means for generating ciphertext by computation that includes calculating the inner product of each of said data vectors with said key vector;

means for transmitting said ciphertext from party S to party R over a communication channel;

means for receiving said ciphertext at party R; and

means for decrypting said ciphertext at party R to recover said message.

16. A cryptographic system as in claim 15 which securely communicates data from a first party S to a second party R further comprising:

means for deriving the decryption key including a decryption fuzzy residue set to be kept secret at party R;

means for deriving a fuzzy residue mapping to be kept secret at party R whereby elements of said decryption key set and elements of said decryption fuzzy residue set are associated for decryption;

means for deriving at party R from said decryption key the encryption key including an encryption fizzy residue set from said decryption fuzzy residue set, inheriting said fuzzy residue mapping whereby elements of said encryption key set and elements of said encryption fuzzy residue set are associated for encryption;

means for generating at party S the ciphertext by computation that includes applying fuzzy residues determined by the values of the integers of said data vectors and in accordance with said fuzzy residue mapping; and

means for decrypting said ciphertext at party R including the removal of fuzzy residues from said ciphertext in accordance with said fuzzy residue mapping to recover said message.

17. A cryptographic system comprising:

means for deriving a decryption key by generating a decryption key set of identifiables logically segregated into k>1 sections: ##EQU16## and a decryption fuzzy residue set G=G.sub.1 .orgate.G.sub.2 .orgate. . . . .orgate.G.sub.k and a wrinkling set B=B.sub.1 .orgate.B.sub.2 .orgate. . . . .orgate.B.sub.k with sections corresponding to those in K.sub.d, wherein K.sub.d, G and B are to be kept secret and each section i, for 1.ltoreq.i.ltoreq.k of K.sub.d is generated by at least one of the following constructions:

1) standard

2) submerged

3) wrinkled

4) individually mapped

5) multiply mapped

and for a submerged section i

d.sub.i,j =2.sup.h(j-1) *m.sub.i, for 1.ltoreq.j.ltoreq.z.sub.i, where subscript i and m.sub.i is defined to be: i.tbd.i, 0.tbd.i-1, z.sub.i-1

and for a wrinkled section i

.sigma.=sum(.eta..sub..theta. *.vertline..theta..vertline.)+r

d.sub.i,j =.sigma.+.PSI..sub.i-1 (b.sub.i,j), for 1.ltoreq.j.ltoreq.z.sub.i

and for a section of any of the other types: ##EQU17## where r is a non-zero positive ranged random number, .eta..sub..theta. is the maximum applicable multiple of .theta..epsilon..THETA..sub.i-1, and .THETA..sub.i is defined to be ##EQU18## where C.sub.u,v {.mu..sub.1, .mu..sub.2, . . . , .mu..sub.n })={C.sub.u,v (.mu..sub.1), C.sub..mu.,.nu.(.mu..sub.2), . . . , C.sub.u,v(.mu..sub.n)} denotes a complementation function for the construction of the entire encryption key and C.sub.u,v (.mu.), for any number .mu., is either defined to be: ##EQU19## and g .epsilon.G is a ranged random number; means for deriving fuzzy residue mapping FM( ), whereby elements of said key sets are associated with elements of said fuzzy residue set, and FM( ), for a section i having at least one element individually mapped, is defined to be: ##EQU20## satisfying IM(.mu.-1)+(.mu.-1)*d.sub.i,j <IM(.mu.)+.mu.*d.sub.i,j <IM(.mu.+1)+(.mu.+1)*d.sub.i,j, where X=X.sub.1 .orgate.X.sub.2 .orgate. . . . .orgate.X.sub.k is a set of integers in the ranges of [0, 2.sup.h) input to FM( ) and x.sub.i,j corresponds to e.sub.i,j and IM(x.sub.i,j) equals the value of applied residues mapped to by x.sub.i,j,

and FM( ), for a section i having elements multiply mapped, is defined to be: FM(X)=FM(X.sub.1 .orgate.X.sub.2 .orgate. . . . .orgate.X.sub.k)=FM(X.sub.1)+FM(X.sub.2)+ . . . +FM(X.sub.k) where FM(X.sub.i)=SM(.SIGMA.IM(x.sub.i,j)) for 1.ltoreq.j.ltoreq.z.sub.i and IM(x.sub.i,j) equals x.sub.i,j if e.sub.i,j is mapped and equals zero otherwise, and SM(.mu.) returns .alpha.*g.sub.i,1 for some integer .alpha. corresponding to the value of .mu. satisfying:

SM(.mu.-1)<SM(.mu.)<SM(.parallel.+1);

means for deriving from said decryption key an encryption key .THETA..sub.k, inheriting said fuzzy residue mapping,

means for obtaining an encryption key;

means for generating ciphertext comprising:

means for accepting a message in the form of an input sequence of integers in the range of [0, 2.sup.h);

means for converting said encryption key set to a key vector and converting said input sequence of integers to at least one data vector having the same dimensions as said key vector; and

means for generating ciphertext by computation that includes calculating the inner product of each of said data vectors with said key vector defined by:

.gamma.=K.sub.e .times.X+FM(X)

if fuzzy residues have been generated for said encryption key, and defined by:

.gamma.=K.sub.e .times.X

otherwise.

means for accepting a ciphertext;

means for obtaining a decryption key corresponding to said encryption key;

means for decrypting said ciphertext to recover said message via decrypting each of the blocks of said ciphertext, and corresponding to a standard section i of said encryption key set, the decryption is carried out according to: ##EQU21## and after obtaining all y.sub.i,j for 1.ltoreq.j.ltoreq.z.sub.i, .gamma.' is adjusted by: ##EQU22## and corresponding to a submerged section i, the decryption is carried out according to: ##EQU23## where .OMEGA. is the set of element in .THETA..sub.i-1 that are transformed from said decryption key set and Y' is the decrypted {y.sub.1,1, y.sub.1,2, . . . , y.sub.i-1,u }, where u=z.sub.i-1,

and corresponding to a wrinkled section i, the decryption is carried out according to: ##EQU24## where b'.sub.i,j is decoded multiple of identifiable b.sub.i,j contained in .gamma.', and after obtaining q.sub.i, .gamma.' is adjusted by: .gamma.'<.gamma.'-q.sub.i *d.sub.i,1.

and corresponding to an individually mapped section i, the decryption is carried out, for j=z.sub.1 down to 1, according to:

.gamma.'<.GAMMA..sub.i.sup.-1 (.gamma.')

y.sub.i,j <q, satisfying:

FM(q-1)+(q-1)*d.sub.i,j .ltoreq.FM(q)+q*d.sub.i,j <FM(q+1)+(q+1)*d.sub.i,j

and after obtaining each y.sub.i,j, .gamma.' is adjusted by:

.gamma.'<.gamma.'-y.sub.i,j *d.sub.i,j -FM(y.sub.i,j)

and corresponding to a multiply mapped section i, the decryption is carried out, for j=z.sub.i down to 1, according to:

.gamma.'<.GAMMA..sub.i.sup.-1 (.gamma.')

y.sub.i,j <q, for the largest q satisfying:

FM(q)+q*d.sub.i,j .ltoreq..gamma.'

and after obtaining each y.sub.i,j, .gamma.' is adjusted by: ##EQU25## where fore the decryption of section k, the last generated section of the decryption key set, .gamma.' equals the ciphertext .gamma. to be decrypted and

.GAMMA..sub.i.sup.-1 =.GAMMA..sub.i,1.sup.-1 .degree..GAMMA..sub.i,2.sup.-1 .degree. . . . .degree..GAMMA..sub.i,y.sbsb.i

.GAMMA..sub.u,v.sup.- (.mu.)=C.sub.u,v.sup.-1 ((w.sub.u,v.sup.-1 *.mu.).XI.m.sub.u,v)

C.sub.u,v.sup.-1 denotes the reverse of C.sub.u,v, where C.sub.u,v.sup.-1 (.mu.), for any number .mu., is defined as: ##EQU26##

Description

BACKGROUND OF THE INVENTION

1. Field of the Invention

This invention relates to cryptographic systems (cryptosystems) for data and information protection, and in particular to public-key cryptosystems for data and information protection in communications, to their related methods and protocols.

2. Background Description

Advances in computer and digital technology have been expanding the scope of business applications at a fast pace. Information in electronic or digital form is being used to an ever greater extent and is replacing older methods of information management, resulting in a rapid increase in the volume of digital data stored, retrieved, shared, transmitted and exchanged. Yet all applications are faced with the challenge of protecting data and information on one level or another against unauthorized access and deliberate tampering. The challenge is more prominent when data need to be transferred from one physical location to another over some communications channels that are not secure or, in most cases, the physical media used for these communications, such as a radio link, make it infeasible or impossible to guarantee exclusive access. Financial transactions like those between banks, private information such as electronic mail, proprietary or confidential data such as mobile phone identifications or pins used in electronic banking, are all examples of applications where data and information protection is indispensable. In general, for a great many applications, data need to be protected while being physically moved from one location to another or while being statically or transiently stored on hard disks, tapes, in memory, or other media.

Three primary attributes of modern information management and communications are: security, authenticity and data integrity. Cryptography is a means to construct information and communication systems having these attributes.

Protection of data/information by ways of scrambling using unpublished methods and secret encryption has a fairly long history. But public-key cryptography was only recently pioneered by W. Diffie and M. Hellman with their milestone paper "New Directions in Cryptography", IEEE Transactions on Information Theory, Vol. IT-22, 1976, pp. 644-654. The first scheme of secure communications over insecure media, introduced by Diffie and Hellman, is described in U.S. Pat. No. 4,200,770. In such a scheme, a key is securely exchanged and established between two communicating parties totally without any pre-arrangement for such a key, although the realization of the scheme is not a public-key cryptosystem and, for this basic key exchange scheme, the same key may not be later exchanged with another third party.

The first true public-key cryptosystem, a knapsack cryptosystem, was proposed by R. Merkle and M. Hellman (see "Hiding Information and Signatures in Trapdoor Knapsacks", IEEE Transactions on Information Theory, Vol. IT-24, 1978, pp. 525-530, and also see U.S. Pat. No. 4,218,582). The system offers public-key encryption and a scheme for digital signature. However, a few years after the issuance of the patent, it was shown to be insecure.

Since the concept of one-way trapdoor and asymmetricity in cryptography was introduced, many public-key cryptosystems have been invented. The RSA cryptosystem is described in U.S. Pat. No. 4,405,829 to Rivest, Shamir and Adleman. The cryptosystem of T. ElGamal is depicted in "A Public Key Cryptosystem and a Signature Scheme based on Discrete Logarithms", IEEE Transactions on Information Theory, Vol. 31, 1985, pp. 469-472. The recently advanced cryptographic systems using elliptic curves started with Victor S. Miller's paper "Use of Elliptic Curves in Cryptography", Advances in Cryptology CRYPTO '85 Proceedings, Berlin: Springer-Verlag, 1985, pp. 417-426. As an example, see the scheme of U. Maurer, U.S. Pat. No. 5,146,500.

The public-key cryptographic methods of today are based on three types of mathematical hard problems: discrete logarithm, factorization of composite of large primes, and knapsack. Some are based on the variations of the three basic problems, such as error correcting codes and product of finite automata. Knapsack cryptosystems, with the exception of Chor-Rivest cryptosystem, are the only ones that can achieve practical data encryption/decryption speed with current technology for application needs in general. The other types all suffer from low speed for encryption, decryption and/or key generation. As a result, efforts in developing knapsack cryptosystems have been tremendous, prolific and, despite repeated very disappointing revelation of weakness in their security, persistent. Nevertheless, the outlook of knapsack cryptosystems has not been encouraging. Besides a common imperfection of such cryptosystems, namely data expansion during encryption that results in a low information rate, the great majority of knapsack cryptosystems have been broken since 1982 with the first valid attack by Shamir on the basic Merkle-Hellman cryptosystem (see "A Polynomial Time Algorithm for Breaking the Basic Merkle-Hellman Cryptosystem", Advances in Cryptology: Proceedings of CRYPTO '82, Plenum Press, 1983, pp. 279-288), the successful cryptanalysis by Brickell of the multiple iterated version (see "Breaking Iterated Knapsacks", Advances in Cryptology, Proceedings of CRYPTO '84, Berlin: Springer-Verlag, 1985, pp. 342-358), and the implementation of the L.sup.3 (Lenstra, Lenstra and Lovacz) lattice basis reduction algorithm which is powerful and applies in general to knapsack problems, not just knapsack cryptosystems.

S. C. Lu and L. N. Lee proposed a more generalized version of knapsack cryptosystem using the Chinese Remainder Theorem (see "A Simple and Effective Public-Key Cryptosystem", COMSAT Technical Review, Vol. 9, No. 1, 1979, pp. 15-24). R. M. Goodman and A. J. McAuley developed another variant of knapsack cryptosystem (see "New Trapdoor Knapsack Public Key Cryptosystem", Advances in Cryptology: Proceedings of EUROCRYPT '84, Berlin: Springer-Verlag, 1985, pp. 150-158). H. Isselhorst advanced a knapsack cryptosystem using rational number (see "The Use of Fractions in Public-Key Cryptosystems", Advance in Cryptology EUROCRYPT '89, Berlin: Springer-Verlag, 1990, pp. 47-55). V. Niemi also proposed a knapsack cryptosystem (see "A New Trapdoor in Knapsacks", Advances in Cryptology EUROCRYPT '91 Proceedings, Berlin: Springer-Verlag, 1991, pp. 405-411). Another fast cryptosystem was by R. J. McEliece based on error correcting Goppa codes (see JPL (Jet Propulsion Laboratory) DSN (Deep Space Network) Progress Report 42-44, January-February 1978, pp. 114-116). All these cryptographic schemes and systems as well as various other knapsack variations were cryptanalized and described in the following papers: "A survey of recent results" by Brickell and Odlysko, Contemporary Cryptology, IEEE Press, 1992, pp. 501-540; "Cryptanalysis of Public-Key Cryptosystem based on Approximations by Rational Numbers" by J. Stern and P. Toffin, Advances in Cryptology EUROCRYPT '91, Berlin: Springer-Verlag, 1991, pp. 313-317; "The Cryptanalysis of a New Public-Key Cryptosystem based on Modular Knapsacks", by Y. M. Chee, A. Joux and J. Stern in Advances in Cryptology CRYPTO '91, Berlin: Springer-Verlag, 1991, pp. 204-212; "Cryptanalysis of McEliece's Public-Key Cryptosystem" by A. I. Turkin, Advances in Cryptology EUROCRYPT '91, Berlin: Springer-Verlag, 1991, pp. 68-70. Several knapsack type cryptosystems are not known to be broken or completely broken: the linearly shift knapsack cryptosystem by C. S. Laih et al (see "Linearly Shift Knapsack Public-Key Cryptosystem", IEEE Journal Selected Areas in Communication, Vol. 7, No. 4, May 1989, pp. 534-539), the Chor-Rivest cryptosystem (see "A Knapsack Type Public-Key Cryptosystem based on Arithmetic in Finite Fields", Advances in Cryptology CRYPTO '84, Berlin: Springer-Verlag, 1985, pp. 54-65), and the residue knapsack cryptosystem of Glen A. Orton (see "A Multiple-Iterated Trapdoor for Dense Compact Knapsacks", Advances in Cryptology CRYPTO '94, Berlin: Springer-Verlag, 1994, pp. 112-130, and U.S. Pat. No. 5,297,206). However, since partial exposure is not adequately addressed, these systems face potential threat. As mentioned earlier, the L.sup.3 lattice basis reduction algorithm is powerful and there have been improvements in applying it, such as the results published by C. P. Schnorr and H. H. Horner in "Attacking the Chor-Rivest Cryptosystem by Improved Lattice Reduction", Advances in Cryptology EUROCRYPT '95 Proceedings, Berlin: Springer-Verlag, 1995, pp. 1-12.

The quality of a cryptosystem depends on its security, performance, flexibility, cost and scope of applications. Such dependent factors are inter-related and, in a lot of cases, the improvement of one may result in the degradation of another or others.

In the prior art, cryptosystems can be classified into two major categories, the classic, private-key or symmetric cryptosystems, such as DES, and public-key or asymmetric cryptosystems, such as RSA. Public-key cryptosystems can be further categorized into single-layer and multi-layer cryptosystems.

When a public-key cryptosystem uses more than one layer, (i.e. when it encrypts the keys that are used to perform encryption), it is a multi-layer cryptosystem. Such a system is more complex than a single-layer cryptosystem, and key establishment requires additional time. The use of multi-layers in the prior art cryptosystems is mostly due to the slow speed of the cryptographic method, such as RSA, that provides the asymmetricity and the security needed. However, in the prior art, few cryptosystems are reported to use more than two layers and layers are not used for increased security in asymmetricity.

Since the late 1970's, quite a number of public-key cryptosystems have been proposed. Of all that are proposed so far, many have more theoretical interest than practicality and among them only a handful resisted attacks and remain unbroken. Some that have promised practicality are Chor-Rivest Knapsack Cryptosystem, Cryptosystems based on Discrete Exponentiation, McEliece Cryptosystem, Elliptic Curves Cryptosystems, and--the best known--RSA Cryptosystem.

However, improvements and new approaches to existing cryptographic methods and apparatuses are needed to provide secure cryptosystems that offer high level performance and robustness.

OBJECTS AND SUMMARY OF THE INVENTION

Therefore, it is an object of this invention to provide methods for implementing cryptosystems for data protection and secure communications, for enforcing data integrity and for properly identifying communication parties.

It is another object of this invention to provide methods for implementing cryptosystems of superior performance to existing high security public-key cryptographic systems.

It is still another object of this invention to provide methods for implementing various levels of security desired with dynamic adjustment to the key length, data length and/or other parameters.

It is still another object of this invention to provide methods for implementing cryptosystems with fast, easy key generation.

It is still another object of this invention to provide methods for user to control key generation, for implementing cryptosystems capable of mapping a password and random input to cryptographic keys and to use expand hash for the mapping.

It is still another object of this invention to provide methods for implementing cryptosystems to provide fast, efficient encryption/decryption.

It is still another object of this invention to provide methods for implementing fast, software cryptosystems.

It is still another object of this invention to provide methods for a simple, low cost hardware implementation of fast cryptosystems.

It is still another object of this invention to provide methods for implementing flexible and less complex cryptosystems.

It is still another object of this invention to provide methods for implementing public-key cryptosystems.

It is still another object of this invention to provide methods for implementing cryptosystems that do not expose the public key but protect it when it is being openly distributed over insecure media or communication channels.

It is still another object of this invention to provide methods for implementing low cost cryptosystems with a wide range of applications taking advantage of their fast speed and robustness.

It is still another object of this invention to provide methods for implementing cryptosystems for encrypting and decrypting digital data.

It is still another object of this invention to provide message-specific public-key cryptosystems with message-specific private encryption keys and public decryption keys.

It is still another object of this invention to provide methods for generating public key sets in sections by different construction methods and by different transformations using different transformation parameters.

It is still another object of this invention to provide methods for allowing residues (noise) in the subset sums of the public encryption key.

It is still another object of this invention to provide methods for disturbing regularities and dependency amongst the elements of the public encryption key set.

It is still another object of this invention to provide methods for introducing fuzziness, both removable and unremovable, into the cryptosystem so that correct decoding and decryption relies on other factors than purely subset sum solutions.

It is still another object of this invention to provide methods for creating extended key sets and for embedding significant key or data elements among insignificant elements.

It is still another object of this invention to provide methods for secure key distribution.

It is still another object of this invention to provide methods for generating secure sequences by way of segmentation, fragmentation, multi-seeding, and re-seeding.

It is still another object of this invention to provide methods, such as backward-and-forward scrambling, to prevent partial exposure of encrypted data by partial success of cryptanalysis via attack-on-code.

It is still another object of this invention to provide methods to generate the closure of a scaled set and to use the concept in constructing partially identifiable/tangible sets.

It is still another object of this invention to provide methods of generating partially identifiable/tangible sets as extended public key sets.

It is still another object of this invention to provide methods of multi-step and delayed bit recovery.

It is still another object of this invention to offer practical single-layer keys, single-layer mode and single-layer public-key cryptosystems.

It is still another object of this invention to provide methods for reducing the accumulative success of cryptanalysis, in particular without increase in key size.

It is still another object of this invention to provide methods to reduce the cost of key management and key maintenance, and to offer no-key-management public-key cryptosystem. It is still another object of this invention to provide methods for implementing cryptosystem with adjustable security levels without change in the key length.

It is still another object of this invention to provide message-specific keys using message-specific rugged compact set mapping, message-specific fuzzy residue mapping, and/or other parameters than the public key set itself.

It is still another object of this invention to provide methods for implementing cryptosystems that operate in both private-key and public-key modes effectively and efficiently.

It is still another object of this invention to provide methods to limit key size, to control and minimize data expansion by way of complementation with regards to the moduli.

It is still another object of this invention to provide methods for performing the primitive of mutual identification and exchange of public encryption keys.

This invention is a robust, high-speed cryptosystem, characterized by employing various cryptographic methods and protocols. The basic concept of this invention is the application of key sets of identifiables. The key sets are constructed by the various methods of this invention in such a way that the structure of the encryption key is obscured, making the encryption key resistant to attacks even when used as a public encryption key. While this invention enjoys its fast speed in encryption, decryption and key generation, it can also adjust the many parameters of its crypt transformations, and even the data length, to achieve various desired levels of security. Six of the main features of this invention are:

1) logical segregation of the key set into sections where information about the segregation is not published and is computationally infeasible to gain from the public key,

2) special dependencies amongst set elements for decoding in addition to subset sum solution,

3) the use of resolution methods/protocols in conjunction with unremovable fuzziness that provides higher security,

4) effective and efficient methods to guard against partial exposure of encrypted data from attack-on-code,

5) a computationally infeasible task for cryptanalysis to obtain what is communicated and distributed via the extended sets by QPKS until the commencement of the QPKS protocol, and

6) a protocol of identification together with key exchange as a primitive that foils active type of attacks.

This invention offers easy and fast key generation, key generation control by users, message-specific private and public keys and password-to-key mapping.

Applications of this invention can be in several areas. Besides the basic applications of a public-key cryptosystem for secure data communications, data integrity, authentication and identification, this invention has other applications including file and private data protection, database protection, electronic mail, smart card, interactive communication devices that require fast response and quick connection establishment (telephone for example), facsimile, secure distributed computing, remote software/system activation control, access control, secure logon (especially remote logon with super privileges), secret access control sharing (in particular without a trusted party's active involvement), automated bank teller, electronic banking, no-key-management secure systems, secure key exchange and secure key distribution. In particular, this invention can perform the functions of special devices using general purpose computing devices, such as using a PC for voice communication over the internet in applications known as internet phone.

BRIEF DESCRIPTION OF THE DRAWINGS

The foregoing and other objects, aspects and advantages will be better understood from the following detailed description of preferred embodiments of the invention with reference to the drawings, in which:

FIG. 1 is a block diagram showing the invention in summary form.

FIG. 2 is a detailed view of the invention in one directional encryption/decryption mode.

FIG. 3 shows an example of a simple hardware system implementing the invention.

FIG. 4 is a diagram showing the encryptor logic of the invention.

FIG. 5 is a diagram showing the decryptor logic of the invention.

DEFINITIONS AND TERMINOLOGY

For the purposes of further describing the present invention, the following terminology and convention will be used.

In this invention, unless explicitly stated otherwise, sets, bags and vectors are used and referred to interchangeably as the context appropriates. Therefore, union operation for example is used generically for both set union and bag union, and when a set is referred to as a vector, the elements assume an ordering.

For an empty set X, sum(X) is defined to be zero.

.XI.

Modulo congruence (remainder) operation.

x

Inner (dot) product operation. E.g. for any two n-dimensional vectors A and B, where A =(a.sub.1, a.sub.2, . . . , a.sub.n) and B=(b.sub.1, b.sub.2, . . . , b.sub.n), A.times.B=.SIGMA.a.sub.i *b.sub.i, for l.ltoreq.i.ltoreq.n.

Concatenation operation.

.smallcircle.

Function composition.

<

Assignment. E.g. X<A is to make X an exact copy of A, overwriting what was originally in X.

(x, y)=1

x is relatively prime to y.

.left brkt-bot..right brkt-bot.

Truncation (floor) function. I.e. .left brkt-bot.x.right brkt-bot. is the integer part of x (with the same sign as x).

Accumulative Success

See Accumulatively Successful

Accumulatively Successful

Let c be the codes of some arbitrary ciphertext, L be an arbitrary layer (see Multi-Layer Scheme for the definition of a layer), F be the implementation and application of some cryptanalysis function, and V be the implementation and application of some verification function, the range {0, 1} of V.smallcircle.F is defined as follows:

    ______________________________________
    1) (V(F(c)) =
              1) <=> (F(c) can be verified by V to be the correct
              decodes of c), or
    2) (V(F(L)) =
              1) <=> (F(L) can be verified by V to be the correct
              decodes of L)
    ______________________________________

    ______________________________________
    1)       Let A and X start as empty sets.
    2)       generate B.sub.1 through B.sub.k, the wrinkling sets
    3)       for (i=1; i.ltoreq.k, i++)
             {
    4)        generate A.sub.i ={a.sub.i.1, a.sub.i.2, ..., a.sub.i.u }, a
             key section
    5)        add b.sub.i.j *c.sub.i to a.sub.i.j (wrinkle section A.sub.i)
              /* if c.sub.i =0, A.sub.i is not changed */
    6)        X.sub.i < A.sub.i
    7)        B.sub.i < 0
    8)        A < (A .orgate. A.sub.i)
    9)        X < (X .orgate. X.sub.i)
    10)       iterate X t.sub.i times
    11)       iterate B t.sub.i times
             }
    12)      Let K.sub.e be the permuted X by P
    ______________________________________

    ______________________________________
    0100 0101 0100 1110 0100 0111 0100 1100
    0100 1001 0101 0011 0100 1000 0010 0000
    0100 1111 0101 0010 0010 0000 0100 0111
    0101 0010 0100 0101 0100 0101 0100 1011
    ______________________________________

    ______________________________________
    0100 0101 0100 1110 0100 0111 0100 11
                               (30 bits)
    00 0100 1001 0101 0011 0100 1000 0010 0
                               (31 bits)
    000 0100 1111 0101 0010 0010 0000 0100 011
                               (34 bits)
    1 0101 0010 0100 0101 0100 0101 0100 1011
                               (33 bits)
    ______________________________________

    ______________________________________
    10100 0101 0100 1110 0100 0111 0100 11
    100 0100 1001 0101 0011 0100 1000 0010 0
    1000 0100 1111 0101 0010 0010 0000 0100 011
    11 0101 0010 0100 0101 0100 0101 0100 1011
    ______________________________________